Total
645 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-9907 | 1 Imagemagick | 1 Imagemagick | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
coders/dds.c in ImageMagick allows remote attackers to cause a denial of service via a crafted DDS file. | |||||
CVE-2016-7514 | 1 Imagemagick | 1 Imagemagick | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
The ReadPSDChannelPixels function in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file. | |||||
CVE-2017-8354 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
In ImageMagick 7.0.5-5, the ReadBMPImage function in bmp.c allows attackers to cause a denial of service (memory leak) via a crafted file. | |||||
CVE-2014-9816 | 1 Imagemagick | 1 Imagemagick | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted viff file. | |||||
CVE-2017-7606 | 1 Imagemagick | 1 Imagemagick | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
coders/rle.c in ImageMagick 7.0.5-4 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. | |||||
CVE-2014-9829 | 1 Imagemagick | 1 Imagemagick | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
coders/sun.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted sun file. | |||||
CVE-2016-7519 | 1 Imagemagick | 1 Imagemagick | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. | |||||
CVE-2016-10047 | 1 Imagemagick | 1 Imagemagick | 2023-12-10 | 7.1 HIGH | 5.5 MEDIUM |
Memory leak in the NewXMLTree function in magick/xml-tree.c in ImageMagick before 6.9.4-7 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML file. | |||||
CVE-2016-6823 | 1 Imagemagick | 1 Imagemagick | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (crash) via crafted height and width values, which triggers an out-of-bounds write. | |||||
CVE-2016-5688 | 2 Imagemagick, Oracle | 2 Imagemagick, Solaris | 2023-12-10 | 6.8 MEDIUM | 8.1 HIGH |
The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger (1) a heap-based buffer overflow in the SetPixelIndex function or an invalid write operation in the (2) ScaleCharToQuantum or (3) SetPixelIndex functions. | |||||
CVE-2014-9804 | 1 Imagemagick | 1 Imagemagick | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
vision.c in ImageMagick allows remote attackers to cause a denial of service (infinite loop) via vectors related to "too many object." | |||||
CVE-2017-7275 | 1 Imagemagick | 1 Imagemagick | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862 and CVE-2016-8866. | |||||
CVE-2014-9813 | 1 Imagemagick | 1 Imagemagick | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted viff file. | |||||
CVE-2014-9838 | 1 Imagemagick | 1 Imagemagick | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
magick/cache.c in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (crash). | |||||
CVE-2016-3717 | 3 Canonical, Imagemagick, Redhat | 10 Ubuntu Linux, Imagemagick, Enterprise Linux Desktop and 7 more | 2023-12-10 | 7.1 HIGH | 5.5 MEDIUM |
The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image. | |||||
CVE-2016-3716 | 3 Canonical, Imagemagick, Redhat | 10 Ubuntu Linux, Imagemagick, Enterprise Linux Desktop and 7 more | 2023-12-10 | 4.3 MEDIUM | 3.3 LOW |
The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image. | |||||
CVE-2016-5118 | 7 Canonical, Debian, Graphicsmagick and 4 more | 14 Ubuntu Linux, Debian Linux, Graphicsmagick and 11 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename. | |||||
CVE-2016-3715 | 3 Canonical, Imagemagick, Redhat | 10 Ubuntu Linux, Imagemagick, Enterprise Linux Desktop and 7 more | 2023-12-10 | 5.8 MEDIUM | 5.5 MEDIUM |
The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image. | |||||
CVE-2016-4562 | 1 Imagemagick | 1 Imagemagick | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
The DrawDashPolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles calculations of certain vertices integer data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. | |||||
CVE-2016-3718 | 3 Canonical, Imagemagick, Redhat | 10 Ubuntu Linux, Imagemagick, Enterprise Linux Desktop and 7 more | 2023-12-10 | 4.3 MEDIUM | 6.3 MEDIUM |
The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image. |